report / study

DNB sees operational cyber resilience in the pension sector still not improving sufficiently

ID 25566

DNB published its findings from a sector-wide analysis of information security for 2023 among Dutch pension funds and pension execution organizations. The analysis highlights that the role and explicit knowledge of directors and (internal) supervisors require more attention for robust (IT) risk management. This includes managing cyber risks and residual risks, and continually evaluating and improving control measures based on current threat assessments.
Three key findings emerge from the analysis:
Business continuity measures are inadequately tested
While pension execution organizations in the Netherlands pay thorough attention to designing and testing their business continuity measures, self-administered pension funds lag behind in focusing on business continuity. In 2024, DNB will specifically focus on the sector’s operational (cyber) resilience, looking at the role and explicit knowledge of directors and internal supervisors, the control of IT and cyber risks in outsourcing chains, and the involvement of critical outsourcing relationships in business continuity tests.
Implementation of critical security patches has not improved
The analysis reveals that pension funds and execution organizations in the Netherlands are slightly slower in implementing critical security patches than in the previous year. DNB urges faster responses to potential security vulnerabilities in IT infrastructure and applications. Accelerating the controlled implementation of critical patches within the institution and throughout the outsourcing chain is essential because risks increase right after the release of such patches.
Risk management maturity varies among institutions in the pension sector
The sector-wide analysis indicates that the integration of IT and cyber resilience into the entire risk management cycle lags behind in some institutions. 21% of pension funds and execution organizations cannot sufficiently demonstrate the maturity of their risk assessments, so there is still room for enhancement. The maturity of processes following risk improvement plans has improved, with 26% reporting insufficient maturity compared to 39% in the preceding year. Additionally, 20% of institutions cannot sufficiently demonstrate a mature IT risk management framework. DNB urges these institutions to demonstrate effective control of their information security risks.
This article provides insight into the major cyber risks facing the sector, emphasizing the need for risk mitigation.

Other Features
assessment
cyber security
governance
operational
outsourcing
pension funds
process
reporting
resilience
risk
risk management
securities
Date Published: 2023-10-30
Regulatory Framework: Digital Operational Resilience Act (DORA)
Regulatory Type: report / study